You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@pulsar.apache.org by Jon Arce <jo...@gmail.com> on 2020/06/05 18:38:35 UTC

JSON Web Tokens can't generate key pairs

Client authentication using tokens based on JSON Web Tokens
I am following the JWT document on link:
https://pulsar.apache.org/docs/en/security-jwt/
and when I try to create key pairs I got a WARNING, but NO keys are
generated:

$ pulsar tokens create-key-pair --output-private-key wk_private.key
--output-public-key wk_public.key
Password:
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by
org.bouncycastle.jcajce.provider.drbg.DRBG
(file:/opt/pulsar/lib/org.apache.pulsar-bouncy-castle-bc-shaded-2.5.2.jar)
to constructor sun.security.provider.Sun()
WARNING: Please consider reporting this to the maintainers of
org.bouncycastle.jcajce.provider.drbg.DRBG
WARNING: Use --illegal-access=warn to enable warnings of further illegal
reflective access operations
WARNING: All illegal access operations will be denied in a future release

Any advice?

Re: JSON Web Tokens can't generate key pairs

Posted by Sijie Guo <gu...@gmail.com>.

You don't need to specify keys when granting permission.

- Sijie

On Mon, Jun 8, 2020 at 5:28 PM Jon Arce <jo...@gmail.com> wrote:

> So I try: pulsar-admin namespaces grant-permission demoCustomer/test
> --role sso-user --actions produce,consume --private-key
> file://opt/pulsar/security/wk_private.key
>
> but still got the same error. I'm trying to follow the page here:
> https://pulsar.apache.org/docs/en/2.5.2/security-token-admin/#secret-vs-publicprivate-keys
> using the grant-permissions from command line.
>
>
> On Fri, Jun 5, 2020 at 8:12 PM Sijie Guo <gu...@gmail.com> wrote:
>
>> You need to use a file path for specifying key files. E.g.
>> file://path/to/your/key/file.
>>
>> - Sijie
>>
>> On Fri, Jun 5, 2020 at 11:38 AM Jon Arce <jo...@gmail.com> wrote:
>>
>>> Client authentication using tokens based on JSON Web Tokens
>>> I am following the JWT document on link:
>>> https://pulsar.apache.org/docs/en/security-jwt/
>>> and when I try to create key pairs I got a WARNING, but NO keys are
>>> generated:
>>>
>>> $ pulsar tokens create-key-pair --output-private-key wk_private.key
>>> --output-public-key wk_public.key
>>> Password:
>>> WARNING: An illegal reflective access operation has occurred
>>> WARNING: Illegal reflective access by
>>> org.bouncycastle.jcajce.provider.drbg.DRBG
>>> (file:/opt/pulsar/lib/org.apache.pulsar-bouncy-castle-bc-shaded-2.5.2.jar)
>>> to constructor sun.security.provider.Sun()
>>> WARNING: Please consider reporting this to the maintainers of
>>> org.bouncycastle.jcajce.provider.drbg.DRBG
>>> WARNING: Use --illegal-access=warn to enable warnings of further illegal
>>> reflective access operations
>>> WARNING: All illegal access operations will be denied in a future release
>>>
>>> Any advice?
>>>
>>

Re: JSON Web Tokens can't generate key pairs

Posted by Jon Arce <jo...@gmail.com>.

So I try: pulsar-admin namespaces grant-permission demoCustomer/test --role
sso-user --actions produce,consume --private-key
file://opt/pulsar/security/wk_private.key

but still got the same error. I'm trying to follow the page here:
https://pulsar.apache.org/docs/en/2.5.2/security-token-admin/#secret-vs-publicprivate-keys
using the grant-permissions from command line.


On Fri, Jun 5, 2020 at 8:12 PM Sijie Guo <gu...@gmail.com> wrote:

> You need to use a file path for specifying key files. E.g.
> file://path/to/your/key/file.
>
> - Sijie
>
> On Fri, Jun 5, 2020 at 11:38 AM Jon Arce <jo...@gmail.com> wrote:
>
>> Client authentication using tokens based on JSON Web Tokens
>> I am following the JWT document on link:
>> https://pulsar.apache.org/docs/en/security-jwt/
>> and when I try to create key pairs I got a WARNING, but NO keys are
>> generated:
>>
>> $ pulsar tokens create-key-pair --output-private-key wk_private.key
>> --output-public-key wk_public.key
>> Password:
>> WARNING: An illegal reflective access operation has occurred
>> WARNING: Illegal reflective access by
>> org.bouncycastle.jcajce.provider.drbg.DRBG
>> (file:/opt/pulsar/lib/org.apache.pulsar-bouncy-castle-bc-shaded-2.5.2.jar)
>> to constructor sun.security.provider.Sun()
>> WARNING: Please consider reporting this to the maintainers of
>> org.bouncycastle.jcajce.provider.drbg.DRBG
>> WARNING: Use --illegal-access=warn to enable warnings of further illegal
>> reflective access operations
>> WARNING: All illegal access operations will be denied in a future release
>>
>> Any advice?
>>
>

Re: JSON Web Tokens can't generate key pairs

Posted by Sijie Guo <gu...@gmail.com>.

You need to use a file path for specifying key files. E.g.
file://path/to/your/key/file.

- Sijie

On Fri, Jun 5, 2020 at 11:38 AM Jon Arce <jo...@gmail.com> wrote:

> Client authentication using tokens based on JSON Web Tokens
> I am following the JWT document on link:
> https://pulsar.apache.org/docs/en/security-jwt/
> and when I try to create key pairs I got a WARNING, but NO keys are
> generated:
>
> $ pulsar tokens create-key-pair --output-private-key wk_private.key
> --output-public-key wk_public.key
> Password:
> WARNING: An illegal reflective access operation has occurred
> WARNING: Illegal reflective access by
> org.bouncycastle.jcajce.provider.drbg.DRBG
> (file:/opt/pulsar/lib/org.apache.pulsar-bouncy-castle-bc-shaded-2.5.2.jar)
> to constructor sun.security.provider.Sun()
> WARNING: Please consider reporting this to the maintainers of
> org.bouncycastle.jcajce.provider.drbg.DRBG
> WARNING: Use --illegal-access=warn to enable warnings of further illegal
> reflective access operations
> WARNING: All illegal access operations will be denied in a future release
>
> Any advice?
>